DoH is tricky to block since it’s just using https on port 443. The only options are blocklists of known servers and attempting to detect it with deep packet inspection.
Comment on Samsung brings ads to US fridges
MangoPenguin@lemmy.blahaj.zone 2 months ago
Maybe block the DoH endpoint and in theory the device might fall back to normal DNS, dunno if that would work.
cmnybo@discuss.tchncs.de 2 months ago
MangoPenguin@lemmy.blahaj.zone 2 months ago
Yeah gotta inspect the traffic and block whatever hostnames it uses.
WhyJiffie@sh.itjust.works 2 months ago
and also block outgoing connections to port 53 when it’s not the pihole device’s allowed IP
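
The egress policy the comments above arrive at (drop plain DNS from anything but the Pi-hole, drop HTTPS to known DoH hostnames), as an added sketch that is not from any commenter in the thread. The addresses, the `decide` function, the Pi-hole exemption for DoH and the three-entry hostname list are assumptions, and the flow records are constructed.

```python
import ipaddress

# Assumptions for this sketch (not from the thread):
PIHOLE_IP = ipaddress.ip_address("192.168.1.2")  # hypothetical Pi-hole address
LAN = ipaddress.ip_network("192.168.1.0/24")     # hypothetical home LAN
# Small sample of public DoH hostnames; real blocklists are far longer.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}

def is_doh_host(sni):
    """True if the TLS SNI is a listed DoH host or a subdomain of one."""
    if not sni:
        return False  # no SNI visible: a hostname blocklist cannot decide
    name = sni.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in DOH_HOSTS)

def decide(flow):
    """Return (action, reason) for one outbound flow record."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if dst in LAN:
        return ("allow", "local traffic")  # e.g. clients querying the Pi-hole
    if src == PIHOLE_IP:
        return ("allow", "Pi-hole reaching its upstream")  # assumed exemption
    if flow["dport"] == 53:
        return ("block", "plain DNS bypassing Pi-hole")
    if flow["dport"] == 443 and is_doh_host(flow.get("sni")):
        return ("block", "known DoH endpoint")
    return ("allow", "no rule matched")

# Constructed flow records (external addresses are documentation ranges).
FLOWS = [
    {"src": "192.168.1.50", "dst": "192.168.1.2", "dport": 53},
    {"src": "192.168.1.50", "dst": "203.0.113.53", "dport": 53},
    {"src": "192.168.1.2", "dst": "203.0.113.53", "dport": 53},
    {"src": "192.168.1.50", "dst": "198.51.100.7", "dport": 443, "sni": "dns.google"},
    {"src": "192.168.1.50", "dst": "198.51.100.8", "dport": 443,
     "sni": "mozilla.cloudflare-dns.com"},
    {"src": "192.168.1.50", "dst": "198.51.100.9", "dport": 443, "sni": None},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src"], "->", f["dst"], f["dport"], f.get("sni"), decide(f))
```

The last record shows the gap the thread describes: a DoH connection with no matching or visible hostname passes a blocklist and is only catchable by inspecting the traffic itself.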